AI Governance

AI Governance

Move faster with AI without creating unnecessary risk.

Changeable helps organisations design practical AI governance frameworks so teams can use AI with clarity, accountability, human oversight and confidence.

Book a Decision Clarity Session See the Governance Method
Responsible adoption
Practical controls
Human accountability
Governance before scale
01
Define acceptable useWhere can AI be used safely?
02
Identify risks and controlsWhat needs review or restriction?
03
Design human oversightWho remains accountable?
04
Enable adoptionHow do teams use AI well?
The problem

AI governance is not about slowing down. It is about moving safely.

Without governance, AI adoption becomes inconsistent, hard to trust and difficult to scale. People experiment in different ways, use different tools, expose different risks and make decisions without a shared standard.

Good governance works best when it supports a clear AI strategy. It gives teams enough structure to act with confidence and helps the organisation define what is allowed, what needs review, what must be protected and where human judgement remains essential.

Uncontrolled tool use

Teams may use public or unapproved tools with sensitive data, unclear ownership or no review process, especially where AI agents and assistants are introduced without clear boundaries.

Unclear accountability

AI-generated outputs can influence decisions without clear responsibility for quality, accuracy or final judgement.

Poor data and privacy controls

Information can be shared, processed or reused in ways that create privacy, confidentiality or trust risks.

New Zealand context

AI governance needs to match local expectations.

For New Zealand organisations, governance is not just an internal policy exercise. It should consider privacy, transparency, public trust, human accountability, data handling, stakeholder expectations and the way AI is used in real workflows.

Privacy and information handling

Define what information can be used, where it can be entered, who can access it and what must stay protected under the Privacy Act 2020 and relevant internal obligations.

Human review and accountability

Clarify when AI can assist, when humans must review, and who remains responsible for final decisions, including where AI affects employment, service or operational outcomes.

Public trust and transparency

Support clear communication about how AI is being used, especially in public sector, council or client-facing settings where the Algorithm Charter for Aotearoa New Zealand may be relevant.

How we build your AI governance framework

A practical governance method that connects risk, policy, workflows, people, data and day-to-day AI use.

Phase 01

Governance assessment

Understand current AI use, risk exposure, decision contexts and organisational readiness, including links to AI readiness, data handling and process maturity.

  • Current AI usage review
  • Risk and control gap analysis
  • Data and privacy considerations
  • Stakeholder and workflow context
Phase 02

Framework design

Create a practical framework that defines how AI should be used, managed and reviewed.

  • Acceptable use principles aligned to ISO 42001 where appropriate
  • Roles and responsibilities
  • Risk levels and approval pathways
  • Governance operating model
Phase 03

Policy and standards

Translate governance into usable guidance, controls and standards for teams.

  • AI policy guidance
  • Tool and data use rules
  • Human review requirements for AI-assisted and AI-automated workflows
  • Quality and documentation standards
Phase 04

Implementation and adoption

Support practical rollout so governance helps people work better, not just comply.

  • Team guidance and training
  • Use case review process
  • Monitoring and improvement
  • Leadership decision support

What you receive

The output is designed to make AI use clearer, safer and easier to manage across real teams and workflows.

AI governance framework

A practical framework that defines principles, responsibilities, risk levels, review points and operating expectations, supporting safe delivery across your wider AI and automation solutions.

Acceptable use and policy guidance

Clear guidance on how staff can use AI, what information can be used and what requires approval or review, including support for generative AI use.

Risk and control model

A structured view of AI risks, required controls, escalation points and safeguards for higher-risk use cases.

Human review and accountability model

Defined points where human judgement, review, sign-off and accountability must remain in place.

Use case assessment pathway

A repeatable process for reviewing proposed AI use cases before teams adopt or scale them, including where new AI agents or assistants are proposed.

Implementation roadmap

Practical next steps for embedding governance into workflows, training, leadership oversight and continuous improvement.

Who this is for

AI governance for organisations that need confidence before scale.

This service is designed for organisations that want AI adoption to be useful, safe, transparent and manageable across teams.

Councils and local government

For teams that need to manage public trust, information handling, transparency and accountable decision-making, including alignment with public-sector guidance such as the Algorithm Charter.

Public sector and funded organisations

For organisations operating with higher expectations around governance, reporting, stakeholder trust and oversight, where Privacy Act obligations and public accountability are part of the operating environment.

Businesses adopting AI across teams

For organisations where AI use is spreading and leaders need consistent rules, training, controls and review pathways.

Professional services and knowledge teams

For teams using AI to support research, documentation, advice, analysis or client-facing work where accuracy and trust matter, including teams adopting generative AI in day-to-day delivery.

Questions

Have a question about AI Governance?

Common questions before organisations commit to formalising AI rules, controls and adoption practices.

What is AI governance?

AI governance is the structure an organisation uses to decide how AI should be used, what risks need to be managed, who is accountable and what controls are required. It should sit alongside AI strategy, data governance and operational risk controls.

Does governance slow AI adoption down?

Good governance should make adoption easier. It gives people clearer boundaries, safer pathways and more confidence to use AI appropriately.

Do we need governance if we are only experimenting?

Yes, even early experimentation benefits from basic rules about data use, tool choice, privacy, human review and output quality.

Can this include policies and staff guidance?

Yes. The engagement can include governance frameworks, acceptable use guidance, policy content, review pathways and practical adoption support, including practical links to Fractional AI advisory support where ongoing guidance is needed.

What if we already have AI tools in use?

The work can start by reviewing current use, identifying risk gaps and building a governance model around the reality of how AI is already being used.

Ready to use AI with more confidence and control?

Start with a use case-led conversation. We will help you clarify what needs governance, what can move quickly and what should be controlled before it scales. You can also start with a Decision Clarity Session if you need help deciding the right next step.

Book a Decision Clarity Session Explore Solutions